NETWORK SEPARATION

1. Basic deployment: automatic and semi-automatic secure file sharing
Requirement:
  • Automatic or semi-automatic safe file transfer from the IT network to the secure air-gapped OT network.
GateScanner (GS) modules:
  • GateScanner Application Server, located between data diodes, sends all files to multiple AV and CDR scanning engines, delivering files from IT to OT.
  • Files arrive at the IN port of GS Application Server either from applications on the IT network (automatic file transfer) or from users saving files to defined folders (semi-automatic transfers), and are delivered by the OUT ports to specified folders within the OT.
2. Network separation with inputs from portable media
Requirement:
  • Air-gapped sensitive network with unidirectional file flow into the secure zone
  • File inputs from portable media to destinations in the secure zone
GateScanner (GS) modules:
  • Central GateScanner management client, logging and updating, located on the IT network (Site A). Scan logs from GateScanner can be synced with the SIEM. SIEM integrations via syslog, SNMP and other sources.
  • GateScanner Kiosk portable media station, sending incoming files via GateScanner Injector diode to GateScanner Application Server in the secure zone (Site B) for sanitization and distribution with email notification.
  • User-based scanning policies and designated destinations in the secure zone.
3. Network separation with sandbox integration
Requirement:
  • Automatic or semi-automatic safe file transfer from the IT network to the secure air-gapped OT network, with Sandbox integration.
GateScanner (GS) modules:
  • As in Solution #1, with the addition of an external-tools integration implemented on GateScanner Application Server, which sends files that are in process on the GateScanner Multi AV CDR engines to the Sandbox and back as part of the CDR processing.
4. Expanded network separation with bi-directional data flow
Requirement:
  • IT-OT network separation with secure multi-directional file sharing
  • Secure incoming email into the OT, bridging the air-gap (enhanced productivity for the OT)
  • Outgoing file redaction/data-loss prevention from the OT
  • Input from portable devices into the OT network
GateScanner (GS) modules:
  • GateScanner Injector data diodes, positioned between the IT and OT networks, ensure unidirectional flow of files into the OT.
  • GateScanner CDR LAN, located between the IN and OUT of the data diodes, hosts GateScanner Mail, providing one-way CDR-sanitized email delivered into the OT, and GateScanner Application Server, providing CDR-sanitized incoming files from multiple GS engines to the OT file share.
  • GateScanner Kiosk delivers sanitized files from portable media uploads through a second data diode.
  • Outgoing files from the OT are redacted with policy-based rules by GateScanner Kiosk for output to portable media, and by a third data diode, prior to transfer to the IT network file share.